Description
This invention relates to protection of the confidentiality of data stored in a storage unit, and particularly in a read-only memory. In particular, this memory may be a semiconductor ROM (Read-Only Memory) type of memory, for example that will contain a program in the form of a source code. This type of memory is used within a chip forming a microcontroller, connected to various functional units of the microcontroller by internal buses. Data stored in the ROM memory are only used inside the microcontroller, for example to execute a user program. It is frequently unnecessary and undesirable for the final user of the microcontroller to read data in the ROM memory from the outside. These data may apply to protected software, or proprietary or personal information. In this respect, note that the contents of a memory cannot be deduced by the microcontroller observing execution of a code stored in the ROM memory.
Moreover, a test mode is usually provided to check the contents of the memory from the outside in order to determine if the memory is programmed correctly and if the read circuits are operating correctly. There are several methods of controlling this memory test mode. Typically, the test is controlled by a signal applied to a memory validation or selection input, referred to as the CS (Chip Select) or CE (Chip Enable) input.
Most solutions used to protect the contents of a memory such as a ROM memory from being read, mean that this CS input has to be authorised in a user mode to enable execution of the program contained in memory, but is disabled when the memory is put into test mode by an unauthorised user, i.e. outside allowable test conditions.
One conventional technique for satisfying this condition is to provide a fusible link within the memory. The fusible link is designed to shunt the read protection and therefore to enable systematic access to the memory contents, for example using a “dump” mode. In this manner, the memory manufacturer or programmer can use the test function at an initial stage to read the memory and check that it does not contain any erroneous data. Once this initial test has been completed, it will break the fusible link, for example by applying a breakdown voltage, to ensure that the protection can no longer be bypassed. From this moment on, test mode is no longer accessible. The memory can only be accessed to execute the code.
This approach, which is a “static” option, requires additional manufacturing steps to make the fusible link, which increases the costs and efficiency of manufacturing. Another disadvantage is that it inhibits reading data in test mode permanently after breakdown of the fusible link, which is not always desirable.
Another known approach consists of setting up a confidential combination or sequence of logical signals to be applied to selected memory inputs. A correct combination or sequence of logical signals provides access to data stored according to a test mode. This type of coding remains relatively simple and frequently does not provide adequate security, unlike the solution based on a fusible link. The use of this type of protection is based on logical circuits and registers separate from the memory zone. These elements make combinational logic on access signals to test mode to output (or not output) the validation signal that enables access to test mode.
When the memory in question is integrated in a set of circuits, as is the case of a microcontroller, an additional protection is obtained when the memory test mode outputs a global indication of the contents rather than each individual data item (for example in the form of stored bytes). This global indication is usually the result of an algorithm known as a “checksum”, applied accumulatively by an internal unit to each tested data item in memory. The result is then a numerical value that is influenced by each byte tested. This value is output and compared in a circuit with the value to which it must correspond, if all the tested data are correct. During execution of the algorithm mentioned above, the memory is put into “dump” mode in order to dump the data in its successive addresses to the internal execution circuit of the algorithm. Note that the value produced at the output is the result of a large number of stored individual data and is not sufficient to reconstitute these data afterwards. In other words, the value of the result of the algorithm does not reveal the memory contents, but simply whether or not it is conform. The intention is to further improve security, making sure that the result of the algorithm cannot be transmitted unless a sufficient number of tested data, or perhaps all the data, have been processed by the algorithm.
This solution provides a good level of security and a good test coverage, but as a result of its basic function, it can never be used to read individual values stored in memory from outside the memory. For example, it is not possible to make an error analysis when the read test reveals that the memory does not work on a part such as a microcontroller and that it is useful for the diagnostic to know which byte is in fault.